Re: complex policy -- how best to implement in Postfix?

On Mon, Mar 05, 2012 at 01:25:36PM -0500, Wietse Venema wrote:
> Ben Rosengart:
>
> > I understand how to chain smtpd restrictions, but I'm stuck on making
> > canonical(5)ization conditional on the output of the restrictions.
> > Any advice would be appreciated.
>
> If you need to deliver a different address depending on destination,

Well, no -- I am rewriting the sender address depending whether it
corresponds to LDAP object type A, type B, or not found -- but only
if the client is not in a whitelist ACL.

> then use smtp_generic_maps, to convert from the Postfix-canonical
> form to that specific external form.

So use transport(5)? If I want to rewrite to form x, use transport x and
x_generic_maps, and then transport y and y_generic_maps for form y, etc?
That makes sense; and I see in ldap_table(5) a pattern for using LDAP
to drive transport decisions.

The next question is, how to make all this conditional on the ACL match?
I can see how to do this using two cooperating Postfix instances and an
access(5) map with FILTER. Is there a better way?

Thank you,
-- Ben Rosengart "Like all those possessing a library, Sendmail, Inc. Aurelian was aware that he was guilty of +1 718 431 3822 not knowing his in its entirety [...]" -- Jorge Luis Borges NOTICE: If received in error, please destroy and notify sender. Sender does not waive confidentiality or privilege, and use is prohibited.

• This message: [ Message body ]
• Next message: James Chase: "Re: viewing rejected mail or solving rejection"
• Previous message: Wietse Venema: "Re: postfix-users@postfix.org: difference between "verify" and "secure""
• In reply to: Wietse Venema: "Re: complex policy -- how best to implement in Postfix?"
• Next in thread: Wietse Venema: "Re: complex policy -- how best to implement in Postfix?"
• Reply: Wietse Venema: "Re: complex policy -- how best to implement in Postfix?"

• Contemporary messages sorted: [ By Date ] [ By Thread ] [ By Subject ] [ By Author ]